Lucene search

[email protected]CVE-2017-3846

HistoryMar 15, 2017 - 8:59 p.m.

CVE-2017-3846

2017-03-1520:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cisco

workload automation

tidal enterprise scheduler

cve-2017-3846

vulnerability

remote attacker

input validation

exploit

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

8.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.1%

JSON

A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted URL to the Client Manager Server. An exploit could allow the attacker to retrieve any file from the Cisco Workload Automation or Cisco Tidal Enterprise Scheduler Client Manager Server. This vulnerability affects the following products: Cisco Tidal Enterprise Scheduler Client Manager Server releases 6.2.1.435 and later, Cisco Workload Automation Client Manager Server releases 6.3.0.116 and later. Cisco Bug IDs: CSCvc90789.

Affected configurations

NVD

Node

ciscotidal_enterprise_schedulerMatch6.2.1.435

ciscotidal_enterprise_schedulerMatch6.2.1.510

ciscotidal_enterprise_schedulerMatch6.3.0

ciscotidal_enterprise_schedulerMatch6.3.0.116

CPENameOperatorVersion
cisco:tidal_enterprise_schedulercisco tidal enterprise schedulereq6.2.1.435
cisco:tidal_enterprise_schedulercisco tidal enterprise schedulereq6.2.1.510
cisco:tidal_enterprise_schedulercisco tidal enterprise schedulereq6.3.0
cisco:tidal_enterprise_schedulercisco tidal enterprise schedulereq6.3.0.116

CPE	Name	Operator	Version
cisco:tidal_enterprise_scheduler	cisco tidal enterprise scheduler	eq	6.2.1.435
cisco:tidal_enterprise_scheduler	cisco tidal enterprise scheduler	eq	6.2.1.510
cisco:tidal_enterprise_scheduler	cisco tidal enterprise scheduler	eq	6.3.0
cisco:tidal_enterprise_scheduler	cisco tidal enterprise scheduler	eq	6.3.0.116

CNA Affected

[
  {
    "product": "Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server"
      }
    ]
  }
]

References

www.securityfocus.com/bid/96910

www.securitytracker.com/id/1038044

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

8.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.1%

JSON

Related for CVE-2017-3846

cvelist1 prion1 nvd1 cisco1